首页> 外国专利> METHODS, SYSTEMS, AND MEDIA FOR MASQUERADE ATTACK DETECTION BY MONITORING COMPUTER USER BEHAVIOR

METHODS, SYSTEMS, AND MEDIA FOR MASQUERADE ATTACK DETECTION BY MONITORING COMPUTER USER BEHAVIOR

机译:通过监视计算机用户行为来进行恶意攻击检测的方法,系统和媒体

摘要

Methods, systems, and media for masquerade attack detection by monitoring computer user behavior are provided. In accordance with some embodiments, a method for detecting masquerade attacks is provided, the method comprising: monitoring, using a hardware processor, a first plurality of user actions in a computing environment; generating a user intent model based on the first plurality of user actions; monitoring a second plurality of user actions in the computing environment; determining whether at least one of the second plurality of user actions deviates from the generated user intent model; determining whether the second plurality of user actions include performing an action on a file in the computing environment that contains decoy information in response to determining that at least one of the second plurality of user actions deviates from the generated user intent model; and generating an alert in response to determining that the second plurality of user actions include performing an action on a file in the computing environment that contains decoy information.
机译:提供了用于通过监视计算机用户的行为来检测假冒攻击的方法,系统和介质。根据一些实施例,提供了一种用于检测伪装攻击的方法,该方法包括:使用硬件处理器来监视计算环境中的第一多个用户动作;以及基于所述第一多个用户动作来生成用户意图模型;监视计算环境中的第二多个用户动作;确定第二多个用户动作中的至少一个是否偏离所生成的用户意图模型;确定第二多个用户动作是否包括响应于确定第二多个用户动作中的至少一个背离所生成的用户意图模型而对包含诱饵信息的计算环境中的文件执行动作;响应于确定第二多个用户动作包括在包含欺骗信息的计算环境中对文件执行动作来生成警报。

著录项

相似文献

  • 专利
  • 外文文献
  • 中文文献
获取专利

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有
  • 客服微信

  • 服务号